NIST Cybersecurity Framework
1. NIST Cybersecurity Framework
The National Institute of Standards and Technology (NIST) Cybersecurity Framework provides a comprehensive approach to managing cybersecurity risks. It is a risk-based framework that organizations use to identify, assess, and manage cybersecurity risks to their operations and assets. The framework consists of five core functions: Identify, Protect, Detect, Respond, and Recover.
The Identify function helps organizations understand their assets, systems, data, and capabilities. This understanding provides the foundation for developing an effective cybersecurity risk management strategy. The Protect function involves implementing safeguards to protect critical infrastructure and sensitive data. The Detect function focuses on identifying cyber threats and vulnerabilities affecting the organization. The Respond function outlines the procedures to be followed in the event of a cybersecurity incident. The Recover function involves restoring normal operations after a cybersecurity incident has occurred.
You can learn more about the NIST Cybersecurity Framework by reading the official documentation available on the NIST website.
2. ISO/IEC 27001:2013
ISO/IEC 27001:2013 is a globally recognized information security management standard. It provides a systematic approach to managing information security risks and a framework for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).
The standard consists of 14 control categories and 35 control objectives. These categories and objectives are used to help organizations identify and implement appropriate controls to manage their information security risks. Some of the key control categories include Information Security Policies, Organization of Information Security, Asset Management, Access Control, Cryptography, Physical and Environmental Security, and Incident Management.
You can learn more about the standard by reading the official documentation available on the ISO website.
Overall, both of these frameworks are widely recognized and used by organizations around the world to manage cybersecurity risks and protect their assets.